DKIM verification for ARC (wrongly?) fails with a message containing embedded image
When ARC is enabled in Mailman 3.3.6 (current master e0f4e6cc) with DMARC and DKIM both set to yes, it occasionally happens that, for some messages, the Authentication-Results header reports DKIM verification fail.
ARC-Authentication-Results: i=1; mail.sin.cvut.cz; dkim=fail header.d=paulos.cz;
arc=none (Message is not ARC signed);
dmarc=none
Authentication-Results: mail.sin.cvut.cz; dkim=fail header.d=paulos.cz; arc=none (Message is not ARC signed); dmarc=none
There is a specific artifact in the emails which always breaks the Mailman's verification which I'm enclosing in the attachments below. I think it is something about the embedded image but I cannot currently test further. Various messages with varying attachments were verified correctly, but this one would always fail DKIM verification.
To rule out a DKIM signing implementation defect, I have sent this exact message from both GSuite and my own postfix where rspamd performs DKIM signing. In both cases, the result was the same - dkim=fail here, and dkim=pass for messages without the artifact.
In my case, this does not prevent the message from being delivered.
ARC configuration in mailman.cfg
:
[ARC]
enabled: yes
dmarc: yes
dkim: yes
authserv_id: mail.sin.cvut.cz
privkey: /etc/mailman3/dkim/lust2.private
selector: lust2
domain: sin.cvut.cz
I have attached the exact message which I have sent, and the result after being processed by Mailman and delivered.